CN116318759A - Data aggregation method and system for real-time encryption transmission - Google Patents

Publication number
CN116318759A
Authority
CN
China
Prior art keywords
data
client
encrypted
terminal
measured value
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202211102129.4A
Other languages
Chinese (zh)
Inventor
王伟
马杰
王雁鹤
李晓龙
韩媛
李雅健
赵威
张平
刘恒
靳文虎
姚蓉
张晓恩
高天胜
徐得忠
祁万强
韩小龙
张德明
赵琳兴
张永兴
苏军顺
祁尧刚
张吉廷
孟振文
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Xining Natural Resources Comprehensive Survey Center Of China Geological Survey
Original Assignee
Xining Natural Resources Comprehensive Survey Center Of China Geological Survey
Application filed by Xining Natural Resources Comprehensive Survey Center Of China Geological Survey
Priority to CN202211102129.4A
Publication of CN116318759A

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/62 Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/6218 Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
    • G06F21/6227 Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database where protection concerns the structure of data, e.g. records, types, queries
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/04 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L69/00 Network arrangements, protocols or services independent of the application payload and not provided for in the other groups of this subclass
    • H04L69/26 Special purpose or proprietary protocols or architectures
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04Q SELECTING
    • H04Q9/00 Arrangements in telecontrol or telemetry systems for selectively calling a substation from a main station, in which substation desired apparatus is selected for applying a control signal thereto or for obtaining measured values therefrom
    • Y GENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
    • Y02 TECHNOLOGIES OR APPLICATIONS FOR MITIGATION OR ADAPTATION AGAINST CLIMATE CHANGE
    • Y02D CLIMATE CHANGE MITIGATION TECHNOLOGIES IN INFORMATION AND COMMUNICATION TECHNOLOGIES [ICT], I.E. INFORMATION AND COMMUNICATION TECHNOLOGIES AIMING AT THE REDUCTION OF THEIR OWN ENERGY USE
    • Y02D30/00 Reducing energy consumption in communication networks
    • Y02D30/50 Reducing energy consumption in communication networks in wire-line communication networks, e.g. low power modes or reduced link rate

Abstract

The invention provides a data aggregation method and a system for real-time encryption transmission, and relates to the technical field of computers. The method comprises the following steps: when responding to a terminal data browsing request of a client, acquiring user identity information through the client, transmitting the user identity information to a convergence platform for identity verification, and acquiring an independent private key. And the convergence platform retrieves corresponding data from the database according to the terminal data browsing request, encrypts the data through the security gateway and sends the encrypted data to the client. The client receives the encrypted data, decrypts the data by using the private key, and displays the decrypted data to the client so as to complete data viewing. The method and the system are responsible for identity authentication, authority control, data encryption transmission, data decryption storage and behavior audit of the user through the server corresponding to the convergence platform, and the client is responsible for data decryption browsing and data encryption transmission, so that potential safety hazards in the data transmission process are avoided.

Description

Data aggregation method and system for real-time encryption transmission
Technical Field
The invention relates to the technical field of computers, in particular to a data aggregation method and system for real-time encryption transmission.
Background
At present, most data convergence platforms for field data observation transmit data in plaintext, and even where encryption is applied, it is carried out through an MD5 encryption mode. Such data is extremely easy to intercept and decrypt on the network; in particular, transmitting ecological data related to national security in this way poses a great potential safety hazard.
Disclosure of Invention
The invention aims to provide a data aggregation method and a system for real-time encryption transmission, which are used for solving the problem that data are easy to intercept and decrypt on a network and have great potential safety hazards when data are transmitted in the prior art.
Embodiments of the present invention are implemented as follows:
In a first aspect, an embodiment of the present application provides a data aggregation method for real-time encrypted transmission, including the following steps:
when responding to a terminal data browsing request of a client, acquiring user identity information through the client, transmitting the user identity information to a convergence platform for identity verification, and acquiring an independent private key;
the convergence platform retrieves corresponding data from the database according to the terminal data browsing request, encrypts the data through the security gateway and sends the encrypted data to the client;
the client receives the encrypted data, decrypts the data by using the private key, and displays the decrypted data to the client so as to complete data viewing.
In some embodiments of the present invention, the step of sending the encrypted data to the client through the security gateway includes:
the security gateway obtains the public key from the key management server;
the security gateway encrypts the data retrieved from the database according to the public key and transmits the encrypted ciphertext to the client.
In some embodiments of the present invention, before the step of retrieving the corresponding data from the database according to the terminal data browsing request, the method further includes:
acquiring a measured value from terminal instrument equipment in communication connection with a convergence terminal in real time, and performing SM2-level encryption on the measured value through the convergence terminal, wherein the convergence terminal is in communication connection with a convergence platform;
the convergence terminal uploads the encrypted measured value to the convergence platform, decrypts the encrypted measured value through the security gateway to obtain a decrypted measured value, and stores the decrypted measured value into the database.
In some embodiments of the present invention, the step of obtaining, in real time, the measured value from the terminal equipment communicatively connected to the convergence terminal, and performing SM2 level encryption on the measured value by the convergence terminal includes:
the convergence terminal acquires the measured value of the terminal instrument equipment, and simultaneously acquires a private key from the key management server;
and after the convergence terminal encrypts the measured value by using the private key, uploading the encrypted measured value to the convergence platform by using an MQTT protocol.
In some embodiments of the present invention, the step of decrypting the encrypted measurement value by the security gateway to obtain a decrypted measurement value, and storing the decrypted measurement value in the database includes:
intercepting the encrypted measured value uploaded to the convergence platform through a security gateway, and acquiring a public key from a key management server by the security gateway;
the security gateway decrypts the encrypted measured value by using the public key and forwards the decrypted measured value to the convergence server;
after receiving the measured value after decryption, the convergence server stores the measured value after decryption into a database according to a preset rule.
In some embodiments of the present invention, before the step of obtaining the public key from the key management server by the security gateway, the method further includes:
the public key is deployed in the convergence platform by a key management server.
In some embodiments of the present invention, the client uses a USBkey.
In a second aspect, an embodiment of the present application provides a data aggregation system for real-time encrypted transmission, including:
the identity verification module is used for acquiring user identity information through the client when responding to a terminal data browsing request of the client, transmitting the user identity information to the convergence platform for identity verification, and acquiring an independent private key;
the data encryption module is used for retrieving corresponding data from the database according to the terminal data browsing request by the convergence platform, carrying out data encryption processing through the security gateway and then sending the data to the client;
the data decryption module is used for receiving the encrypted data by the client, decrypting the data by using the private key, and displaying the decrypted data on the client so as to finish data viewing.
In a third aspect, embodiments of the present application provide an electronic device comprising a memory for storing one or more programs, and a processor. The method of any of the first aspects described above is implemented when the one or more programs are executed by the processor.
In a fourth aspect, embodiments of the present application provide a computer-readable storage medium having stored thereon a computer program which, when executed by a processor, implements a method as in any of the first aspects described above.
Compared with the prior art, the embodiment of the invention has at least the following advantages or beneficial effects:
the invention provides a data aggregation method and a system for real-time encryption transmission, which comprise the following steps: when responding to a terminal data browsing request of a client, acquiring user identity information through the client, transmitting the user identity information to a convergence platform for identity verification, and acquiring an independent private key. And the convergence platform retrieves corresponding data from the database according to the terminal data browsing request, encrypts the data through the security gateway and sends the encrypted data to the client. The client receives the encrypted data, decrypts the data by using the private key, and displays the decrypted data to the client so as to complete data viewing. The method and the system are responsible for user identity authentication, authority control, data encryption transmission, data decryption storage and behavior audit through the server corresponding to the convergence platform, and the client is responsible for data decryption browsing and data encryption transmission, so that the functions of user identity authentication, session negotiation keys, safety monitoring and anti-cracking of a client system are completed jointly by utilizing the server and the client. Thereby avoiding potential safety hazards in the data transmission process.
Drawings
In order to more clearly illustrate the technical solutions of the embodiments of the present invention, the drawings that are needed in the embodiments will be briefly described below, it being understood that the following drawings only illustrate some embodiments of the present invention and therefore should not be considered as limiting the scope, and other related drawings may be obtained according to these drawings without inventive effort for a person skilled in the art.
Fig. 1 is a flowchart of a data aggregation method for real-time encrypted transmission according to an embodiment of the present invention;
Fig. 2 is a flowchart of another data aggregation method for real-time encrypted transmission according to an embodiment of the present invention;
Fig. 3 is a flowchart of a data aggregation method for real-time encrypted transmission according to an embodiment of the present invention;
Fig. 4 is a block diagram of a data aggregation system for real-time encrypted transmission according to an embodiment of the present invention;
Fig. 5 is a schematic block diagram of an electronic device according to an embodiment of the present invention.
Reference numerals: 110 - identity verification module; 120 - data encryption module; 130 - data decryption module; 101 - memory; 102 - processor; 103 - communication interface.
Detailed Description
For the purposes of making the objects, technical solutions and advantages of the embodiments of the present application more clear, the technical solutions of the embodiments of the present application will be clearly and completely described below with reference to the drawings in the embodiments of the present application, and it is apparent that the described embodiments are some embodiments of the present application, but not all embodiments. The components of the embodiments of the present application, which are generally described and illustrated in the figures herein, may be arranged and designed in a wide variety of different configurations.
Thus, the following detailed description of the embodiments of the present application, as provided in the accompanying drawings, is not intended to limit the scope of the application, as claimed, but is merely representative of selected embodiments of the application. All other embodiments, which can be made by one of ordinary skill in the art based on the embodiments herein without making any inventive effort, are intended to be within the scope of the present application.
It should be noted that: like reference numerals and letters denote like items in the following figures, and thus once an item is defined in one figure, no further definition or explanation thereof is necessary in the following figures. Meanwhile, in the description of the present application, the terms "first", "second", and the like, if any, are used solely for distinguishing the description and are not to be construed as indicating or implying relative importance.
It is noted that relational terms such as first and second, and the like are used solely to distinguish one entity or action from another entity or action without necessarily requiring or implying any actual such relationship or order between such entities or actions. Moreover, the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus. Without further limitation, the appearances of the element defined by the phrase "comprising one … …" do not exclude the presence of other identical elements in a process, method, article or apparatus that comprises the element.
In the description of the present application, it should be noted that, if the terms "upper," "lower," "inner," "outer," and the like indicate an azimuth or a positional relationship based on the azimuth or the positional relationship shown in the drawings, or an azimuth or the positional relationship that the product of the application is commonly put in use, it is merely for convenience of describing the present application and simplifying the description, and does not indicate or imply that the apparatus or element to be referred to must have a specific azimuth, be configured and operated in a specific azimuth, and thus should not be construed as limiting the present application.
In the description of the present application, it should also be noted that, unless explicitly stated and limited otherwise, the terms "disposed," "connected," and "connected" should be construed broadly, and may be, for example, fixedly connected, detachably connected, or integrally connected; can be mechanically or electrically connected; can be directly connected or indirectly connected through an intermediate medium, and can be communication between two elements. The specific meaning of the terms in this application will be understood by those of ordinary skill in the art in a specific context.
Some embodiments of the present application are described in detail below with reference to the accompanying drawings. The various embodiments and features of the embodiments described below may be combined with one another without conflict.
Examples
Referring to fig. 1, fig. 1 is a flowchart of a data aggregation method for real-time encrypted transmission according to an embodiment of the present invention. The embodiment of the application provides a data aggregation method for real-time encryption transmission, which comprises the following steps:
S110: when responding to a terminal data browsing request of a client, acquiring user identity information through the client, transmitting the user identity information to a convergence platform for identity verification, and acquiring an independent private key;
S120: the convergence platform retrieves corresponding data from the database according to the terminal data browsing request, encrypts the data through the security gateway and sends the encrypted data to the client;
S130: the client receives the encrypted data, decrypts the data by using the private key, and displays the decrypted data to the client so as to complete data viewing.
In the implementation process, when a user browses data through a client, identity verification is firstly carried out through the convergence platform, an independent private key is obtained at the same time of the identity verification, the convergence platform searches data needed by the user from a database according to a terminal data browsing request of the user, the data is sent to the client after being encrypted through a security gateway, and after the client receives the encrypted data, the data is decrypted through the obtained private key and then displayed on the terminal, so that data viewing is completed. The method is characterized in that a server corresponding to the convergence platform is responsible for user identity authentication, authority control, data encryption transmission, data decryption storage and behavior audit, and the client is responsible for data decryption browsing and data encryption transmission, so that the functions of user identity authentication, session negotiation keys, safety monitoring and anti-cracking of a client system are finished jointly by the aid of the server and the client. Thereby avoiding potential safety hazards in the data transmission process.
In some implementations of this embodiment, the step of sending the encrypted data to the client through the security gateway includes:
the security gateway obtains the public key from the key management server;
the security gateway encrypts the data retrieved from the database according to the public key and transmits the encrypted ciphertext to the client. Thereby realizing the aim of data encryption transmission of the client.
Before the step of the security gateway obtaining the public key from the key management server, the method further comprises: the public key is deployed in the convergence platform by a key management server. This provides the security gateway with key management functions (including initial key generation, key distribution, updating, archiving, and key-based authentication, etc.).
Referring to fig. 3, fig. 3 is a flowchart illustrating another data aggregation method for real-time encrypted transmission according to an embodiment of the present invention. In some implementations of this embodiment, before the step of retrieving, by the convergence platform, the corresponding data from the database according to the terminal data browse request, the method further includes:
acquiring a measured value from terminal instrument equipment in communication connection with a convergence terminal in real time, and performing SM2-level encryption on the measured value through the convergence terminal, wherein the convergence terminal is in communication connection with a convergence platform;
the convergence terminal uploads the encrypted measured value to the convergence platform, decrypts the encrypted measured value through the security gateway to obtain a decrypted measured value, and stores the decrypted measured value into the database.
The convergence terminal can be convergence platform terminal software (for example, mobile phone APP).
In the implementation process, the convergence platform acquires real-time measurement values from terminal instrument equipment (such as various analysis instruments and monitoring instruments) through convergence platform terminal software, SM2-level encryption is carried out through the convergence platform terminal software, the encrypted real-time measurement values are uploaded to the convergence platform through the Internet, the encrypted measurement data are decrypted through the security gateway, and the decrypted measurement values are stored in the database. Therefore, the purposes of data encryption transmission and data decryption storage of the server side corresponding to the convergence platform are achieved, and the safety of data in the process of uploading the measured value of the terminal instrument equipment to the convergence platform is ensured.
In some implementations of this embodiment, the step of obtaining, in real time, the measured value from the terminal equipment communicatively connected to the convergence terminal, and performing SM2 level encryption on the measured value by the convergence terminal includes:
the convergence terminal acquires the measured value of the terminal instrument equipment, and simultaneously acquires a private key from the key management server;
and after the convergence terminal encrypts the measured value by using the private key, uploading the encrypted measured value to the convergence platform by using an MQTT protocol. Therefore, the aim of data encryption transmission of the server side corresponding to the convergence platform is further achieved.
In some implementations of this embodiment, the step of decrypting the encrypted measurement value by the security gateway to obtain a decrypted measurement value, and storing the decrypted measurement value in the database includes:
intercepting the encrypted measured value uploaded to the convergence platform through a security gateway, and acquiring a public key from a key management server by the security gateway;
the security gateway decrypts the encrypted measured value by using the public key and forwards the decrypted measured value to the convergence server;
after receiving the measured value after decryption, the convergence server stores the measured value after decryption into a database according to a preset rule. Therefore, the purpose of decrypting and storing the data of the server side corresponding to the convergence platform is further achieved.
In some implementations of this embodiment, the client uses a USBkey, which is responsible for digital signature, encryption and decryption of communication data, and decryption of client data when negotiating a session key with the server.
In some implementations of the present embodiment, the cryptographic operations may employ hardware encryption to ensure performance and security of the keys.
Referring to fig. 2, fig. 2 is a flowchart of another data aggregation method for real-time encrypted transmission according to an embodiment of the present invention. The method is based on a CB/S architecture model and consists of a server side and a client side. The data transmission of the method mainly comprises storing real-time measured values of terminal instrument equipment into a database and retrieving database data according to the data browsing requirements of users. The specific process of storing the real-time measured value of the terminal instrument equipment into the database is as follows. First, the convergence terminal acquires a private key from the key management server. The convergence terminal then acquires a measured value of the terminal instrument equipment, encrypts the measured value with the private key, and uploads the encrypted measured value to the convergence platform using the MQTT protocol. The security gateway intercepts the encrypted measured value uploaded to the convergence platform, at the same time acquires the public key from the key management server, decrypts the encrypted measured value using the public key, and forwards the decrypted measured value to the convergence server. After receiving the decrypted measured value, the convergence server stores it in the database according to a preset rule, so that encrypted transmission and decrypted storage of the data are realized.
Secondly, the specific process of retrieving database data according to the data browsing requirement of the user is as follows. First, a terminal data browsing request is acquired and the user identity information is authenticated. The convergence platform then retrieves the corresponding data from the database according to the terminal data browsing request. The security gateway acquires a public key from the key management server, encrypts the data retrieved from the database according to the public key, and transmits the encrypted ciphertext to the client. The client receives the encrypted data, decrypts it using the private key, and displays the decrypted data on the client to complete data viewing.
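The browsing flow described above (S110 to S130), as an added example that is not part of the patent: the gateway encrypts a retrieved record to the requesting user's public key, and only that user's private key recovers it. The primitive is an ECIES-style stand-in over the SM2 recommended curve with SHA-256 and HMAC in place of SM3 (the output mirrors SM2's C1 || C3 || C2 layout but is not conformant SM2 encryption); `KeyManagementServer`, `gateway_serve`, the user name and the sample record are hypothetical.

```python
import hashlib
import hmac
import secrets

# SM2 recommended curve (sm2p256v1): y^2 = x^3 + A*x + B over GF(P), order N.
P = 0xFFFFFFFE_FFFFFFFF_FFFFFFFF_FFFFFFFF_FFFFFFFF_00000000_FFFFFFFF_FFFFFFFF
A = 0xFFFFFFFE_FFFFFFFF_FFFFFFFF_FFFFFFFF_FFFFFFFF_00000000_FFFFFFFF_FFFFFFFC
B = 0x28E9FA9E_9D9F5E34_4D5A9E4B_CF6509A7_F39789F5_15AB8F92_DDBCBD41_4D940E93
N = 0xFFFFFFFE_FFFFFFFF_FFFFFFFF_FFFFFFFF_7203DF6B_21C6052B_53BBF409_39D54123
G = (0x32C4AE2C_1F198119_5F990446_6A39C994_8FE30BBF_F2660BE1_715A4589_334C74C7,
     0xBC3736A2_F4F6779C_59BDCEE3_6B692153_D0A9877C_C62A4740_02DF32E5_2139F0A0)

def on_curve(pt):
    """True for the point at infinity (None) or a point satisfying the curve equation."""
    if pt is None:
        return True
    x, y = pt
    return 0 <= x < P and 0 <= y < P and (y * y - (x * x * x + A * x + B)) % P == 0

def add(p1, p2):
    """Affine point addition (not constant time; illustration only)."""
    if p1 is None:
        return p2
    if p2 is None:
        return p1
    (x1, y1), (x2, y2) = p1, p2
    if x1 == x2 and (y1 + y2) % P == 0:
        return None
    if p1 == p2:
        lam = (3 * x1 * x1 + A) * pow(2 * y1 % P, -1, P) % P
    else:
        lam = (y2 - y1) * pow((x2 - x1) % P, -1, P) % P
    x3 = (lam * lam - x1 - x2) % P
    return x3, (lam * (x1 - x3) - y1) % P

def mul(k, pt):
    """Double-and-add scalar multiplication."""
    acc = None
    while k:
        if k & 1:
            acc = add(acc, pt)
        pt = add(pt, pt)
        k >>= 1
    return acc

def _keys(shared, c1, length):
    """Counter-mode SHA-256 KDF: returns (32-byte MAC key, keystream of `length` bytes)."""
    seed = b"".join(v.to_bytes(32, "big") for v in (*shared, *c1))
    out = b"".join(hashlib.sha256(seed + i.to_bytes(4, "big")).digest()
                   for i in range(1, (32 + length) // 32 + 2))
    return out[:32], out[32:32 + length]

def encrypt(pub, plaintext):
    """Gateway side: returns C1 (64 bytes) || tag (32 bytes) || masked data."""
    k = secrets.randbelow(N - 1) + 1          # fresh ephemeral scalar per message
    c1 = mul(k, G)
    mac_key, stream = _keys(mul(k, pub), c1, len(plaintext))
    body = bytes(a ^ b for a, b in zip(plaintext, stream))
    head = c1[0].to_bytes(32, "big") + c1[1].to_bytes(32, "big")
    return head + hmac.new(mac_key, head + body, hashlib.sha256).digest() + body

def decrypt(priv, blob):
    """Client side: rejects an off-curve C1 and any modified ciphertext."""
    if len(blob) < 96:
        raise ValueError("ciphertext too short")
    head, tag, body = blob[:64], blob[64:96], blob[96:]
    c1 = int.from_bytes(head[:32], "big"), int.from_bytes(head[32:], "big")
    if not on_curve(c1):
        raise ValueError("ephemeral point is not on the curve")
    mac_key, stream = _keys(mul(priv, c1), c1, len(body))
    expected = hmac.new(mac_key, head + body, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("authentication failed")
    return bytes(a ^ b for a, b in zip(body, stream))

class KeyManagementServer:
    """Hypothetical stand-in for the key management server: keeps public keys only."""
    def __init__(self):
        self.public = {}

    def enroll(self, user):
        """S110: issue the user's independent private key, record the public half."""
        priv = secrets.randbelow(N - 1) + 1
        self.public[user] = mul(priv, G)
        return priv

# Constructed sample record standing in for a stored measured value.
DATABASE = {"station-07/soil-moisture": b'{"value": 23.4, "unit": "%"}'}

def gateway_serve(kms, user, key):
    """S120: retrieve the record and encrypt it to the requesting user's public key."""
    return encrypt(kms.public[user], DATABASE[key])

if __name__ == "__main__":
    kms = KeyManagementServer()
    user_priv = kms.enroll("alice")
    blob = gateway_serve(kms, "alice", "station-07/soil-moisture")
    print(decrypt(user_priv, blob))           # S130: client-side decryption
```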
Referring to fig. 4, fig. 4 is a block diagram illustrating a data aggregation system for real-time encrypted transmission according to an embodiment of the present invention. The embodiment of the application provides a data aggregation system for real-time encryption transmission, which comprises the following components:
the identity verification module 110 is configured to obtain user identity information through the client when responding to a terminal data browsing request of the client, and transmit the user identity information to the convergence platform for identity verification, and obtain an independent private key at the same time;
the data encryption module 120 is configured to retrieve corresponding data from the database according to the terminal data browsing request by the convergence platform, encrypt the data by using the security gateway, and send the encrypted data to the client;
the data decryption module 130 is configured to receive the encrypted data, decrypt the data using the private key, and display the decrypted data to the client, so as to complete data viewing.
In the implementation process, when a user browses data through a client, identity verification is firstly carried out through the convergence platform, an independent private key is obtained at the same time of the identity verification, the convergence platform searches data needed by the user from a database according to a terminal data browsing request of the user, the data is sent to the client after being encrypted through a security gateway, and after the client receives the encrypted data, the data is decrypted through the obtained private key and then displayed on the terminal, so that data viewing is completed. The system is responsible for user identity authentication, authority control, data encryption transmission, data decryption storage and behavior audit through a server corresponding to the convergence platform, and the client is responsible for data decryption browsing and data encryption transmission, so that the functions of user identity authentication, session negotiation keys, safety monitoring and anti-cracking of a client system are finished jointly by the aid of the server and the client. Thereby avoiding potential safety hazards in the data transmission process.
Referring to fig. 5, fig. 5 is a schematic block diagram of an electronic device according to an embodiment of the present application. The electronic device comprises a memory 101, a processor 102 and a communication interface 103, wherein the memory 101, the processor 102 and the communication interface 103 are electrically connected with each other directly or indirectly to realize data transmission or interaction. For example, the components may be electrically connected to each other via one or more communication buses or signal lines. The memory 101 may be used to store software programs and modules, such as program instructions/modules corresponding to a data aggregation system for encrypted transmission in real time, provided in the embodiments of the present application, and the processor 102 executes the software programs and modules stored in the memory 101, thereby performing various functional applications and data processing. The communication interface 103 may be used for communication of signaling or data with other node devices.
The memory 101 may be, but is not limited to, a random access memory (Random Access Memory, RAM), a read-only memory (Read-Only Memory, ROM), a programmable read-only memory (Programmable Read-Only Memory, PROM), an erasable programmable read-only memory (Erasable Programmable Read-Only Memory, EPROM), an electrically erasable programmable read-only memory (Electrically Erasable Programmable Read-Only Memory, EEPROM), etc.
The processor 102 may be an integrated circuit chip with signal processing capabilities. The processor 102 may be a general purpose processor, including a central processing unit (Central Processing Unit, CPU), a network processor (Network Processor, NP), etc.; it may also be a digital signal processor (Digital Signal Processor, DSP), an application specific integrated circuit (Application Specific Integrated Circuit, ASIC), a field programmable gate array (Field-Programmable Gate Array, FPGA) or another programmable logic device, a discrete gate or transistor logic device, or a discrete hardware component.
It will be appreciated that the configuration shown in fig. 5 is merely illustrative, and that the electronic device may also include more or fewer components than shown in fig. 5, or have a different configuration than shown in fig. 5. The components shown in fig. 5 may be implemented in hardware, software, or a combination thereof.
In the embodiments provided in the present application, it should be understood that the disclosed apparatus and method may be implemented in other manners as well. The apparatus embodiments described above are merely illustrative. For example, the flowcharts and block diagrams in the figures illustrate the architecture, functionality, and operation of possible implementations of apparatus, methods and computer program products according to various embodiments of the present application. In this regard, each block in the flowcharts or block diagrams may represent a module, segment, or portion of code, which comprises one or more executable instructions for implementing the specified logical function(s). It should also be noted that in some alternative implementations, the functions noted in the blocks may occur out of the order noted in the figures. For example, two blocks shown in succession may, in fact, be executed substantially concurrently, or the blocks may sometimes be executed in the reverse order, depending upon the functionality involved. It will also be noted that each block of the block diagrams and/or flowchart illustrations, and combinations of blocks in the block diagrams and/or flowchart illustrations, can be implemented by special purpose hardware-based systems which perform the specified functions or acts, or by combinations of special purpose hardware and computer instructions.
In addition, the functional modules in the embodiments of the present application may be integrated together to form a single part, or each module may exist alone, or two or more modules may be integrated to form a single part.
The functions, if implemented in the form of software functional modules and sold or used as a stand-alone product, may be stored in a computer-readable storage medium. Based on such understanding, the technical solution of the present application, in essence, or the part of it that contributes to the prior art, or a part of the technical solution, may be embodied in the form of a software product stored in a storage medium, including several instructions for causing a computer device (which may be a personal computer, a server, or a network device, etc.) to perform all or part of the steps of the methods described in the embodiments of the present application. The aforementioned storage medium includes: a USB flash drive, a removable hard disk, a read-only memory (ROM, Read-Only Memory), a random access memory (RAM, Random Access Memory), a magnetic disk, an optical disk, or various other media capable of storing program code.
The foregoing description is only of the preferred embodiments of the present application and is not intended to limit the same, but rather, various modifications and variations may be made by those skilled in the art. Any modification, equivalent replacement, improvement, etc. made within the spirit and principles of the present application should be included in the protection scope of the present application.
It will be evident to those skilled in the art that the present application is not limited to the details of the foregoing illustrative embodiments, and that the present application may be embodied in other specific forms without departing from the spirit or essential characteristics thereof. The present embodiments are, therefore, to be considered in all respects as illustrative and not restrictive, the scope of the application being indicated by the appended claims rather than by the foregoing description, and all changes which come within the meaning and range of equivalency of the claims are therefore intended to be embraced therein. Any reference sign in a claim should not be construed as limiting the claim concerned.

Claims (10)

1. The data aggregation method for real-time encryption transmission is characterized by comprising the following steps:
when responding to a terminal data browsing request of a client, acquiring user identity information through the client, transmitting the user identity information to a convergence platform for identity verification, and acquiring an independent private key;
the convergence platform retrieves corresponding data from a database according to the terminal data browsing request, encrypts the data through a security gateway and sends the encrypted data to a client;
and the client receives the encrypted data, decrypts the data by utilizing the private key, and displays the decrypted data to the client so as to finish data viewing.
2. The method for data aggregation of real-time encrypted transmission according to claim 1, wherein the step of transmitting the encrypted data to the client through the security gateway comprises:
the security gateway obtains the public key from the key management server;
and the security gateway encrypts the data retrieved from the database according to the public key and transmits the encrypted ciphertext to the client.
3. The method for data aggregation of real-time encrypted transmission according to claim 1, wherein, before the step in which the convergence platform retrieves the corresponding data from the database according to the terminal data browsing request, the method further comprises:
acquiring a measured value in real time from terminal instrument equipment communicatively connected to a convergence terminal, and performing SM2-level encryption on the measured value through the convergence terminal, wherein the convergence terminal is communicatively connected to the convergence platform;
and uploading the encrypted measured value to the convergence platform by the convergence terminal, decrypting the encrypted measured value through the security gateway to obtain a decrypted measured value, and storing the decrypted measured value into a database.
4. A data aggregation method for encrypted transmission in real time according to claim 3, wherein said step of acquiring the measured value from the terminal equipment communicatively connected to the aggregation terminal in real time and performing SM2 level encryption on the measured value by the aggregation terminal comprises:
the method comprises the steps that a convergence terminal obtains a measured value of terminal instrument equipment, and meanwhile, the convergence terminal obtains a private key from a key management server;
and the convergence terminal encrypts the measured value by using the private key, and then uploads the encrypted measured value to the convergence platform by using an MQTT protocol.
5. A method for data aggregation in real time for encrypted transmission according to claim 3, wherein the steps of decrypting the encrypted measurement value by the security gateway to obtain a decrypted measurement value, and storing the decrypted measurement value in the database include:
intercepting the encrypted measured value uploaded to the convergence platform through a security gateway, and simultaneously acquiring a public key from a key management server by the security gateway;
the security gateway decrypts the encrypted measured value by using the public key and forwards the decrypted measured value to the convergence server;
and after receiving the measured value after decryption, the convergence server stores the measured value after decryption into a database according to a preset rule.
6. The method for data aggregation of real-time encrypted transmission according to claim 2, wherein, before the step in which the security gateway obtains the public key from the key management server, the method further comprises:
the public key is deployed in the convergence platform by the key management server.
7. The method for data aggregation of real-time encrypted transmissions according to claim 1, wherein the client uses a USBkey.
8. A data aggregation system for encrypted transmission in real time, comprising:
the identity verification module is used for acquiring user identity information through the client when responding to a terminal data browsing request of the client, transmitting the user identity information to the convergence platform for identity verification, and acquiring an independent private key;
the data encryption module is used for retrieving corresponding data from a database according to the terminal data browsing request by the convergence platform, carrying out data encryption processing by the security gateway and then sending the data to the client;
and the data decryption module is used for receiving the encrypted data by the client, decrypting the data by using the private key, and displaying the decrypted data on the client so as to finish data viewing.
9. An electronic device, comprising:
a memory for storing one or more programs;
a processor;
the method of any of claims 1-7 is implemented when the one or more programs are executed by the processor.
10. A computer readable storage medium, on which a computer program is stored, which computer program, when being executed by a processor, implements the method according to any of claims 1-7.
CN202211102129.4A 2022-09-09 2022-09-09 Data aggregation method and system for real-time encryption transmission Pending CN116318759A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202211102129.4A CN116318759A (en) 2022-09-09 2022-09-09 Data aggregation method and system for real-time encryption transmission

Publications (1)

Publication Number Publication Date
CN116318759A true CN116318759A (en) 2023-06-23

Family

ID=86776732

Country Status (1)

Country Link
CN (1) CN116318759A (en)

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination